skills/dalehurley/phpbot/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes system-level commands through subprocess calls to soffice and gcc in scripts/recalc.py and scripts/office/soffice.py. These commands are used to automate spreadsheet recalculation and environment setup.
  • [REMOTE_CODE_EXECUTION]: High-risk dynamic execution patterns are present in scripts/office/soffice.py, which writes C source code to a temporary file, compiles it into a shared object using gcc, and then uses LD_PRELOAD to inject the library into the LibreOffice process. Additionally, scripts/recalc.py persists and executes a custom StarBasic macro in the local LibreOffice configuration directory.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted data from Office documents and spreadsheets without explicit boundary markers in the agent prompts. Mandatory Evidence Chain:
      1. Ingestion points: Office XML components and spreadsheet contents via unpack.py and pandas.
      2. Boundary markers: Absent in skill instructions for data processing.
      3. Capability inventory: System command execution, file system writes, and dynamic library injection.
      4. Sanitization: The skill correctly uses defusedxml to mitigate standard XML external entity (XXE) vulnerabilities.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 07:32 AM